From fa2b83d6fc44271a49695454738819b0a669130d Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 16 Jun 2018 20:39:51 +0300 Subject: Fix: buglet sound by Daniel --- install.mdwn | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'install.mdwn') diff --git a/install.mdwn b/install.mdwn index ce67f7f..932fb84 100644 --- a/install.mdwn +++ b/install.mdwn @@ -13,6 +13,9 @@ To install ick, you need: * root access on that host over ssh * Ansible installed on a second machine, from which you can ssh in as root to the ick host +* optionally access to an SMTP server for sending notification mails + (only needed if you want to send such mails), with username/password + credentials as needed for SMTP authentication # Get Ansible playbooks and roles @@ -24,10 +27,10 @@ Qvisqve source code to create encrypted client secrets for authentication. * `git clone git://git.qvarnlabs.net/debian-ansible` -* `export ANSIBLE_ROLES_PATH="$(pwd)/debian-ansible-roles"` +* `export ANSIBLE_ROLES_PATH="$(pwd)/debian-ansible/roles"` * `git clone git://git.liw.fi/ick2-ansible` * `git clone git://git.qvarnlabs.net/qvisqve` -* `git clone git://git.qvarnlabs.net/ick2` +* `git clone git://git.liw.fi/ick2` * `cd ick2-ansible` @@ -64,7 +67,7 @@ You will need to generate some of the secrets: * `gpg --armor --export-secret-key ICKAPTKEY > apt.key` -* `cat apt.key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }}` +* `gpg --with-colons --fingerprint ICKAPTKEY | grep "^fpr:" | head -1 | cut -d: -f10` You need to insert the contents of `apt.key` and `apt.key.pub` as the valuess of `apt_signing_key` and `apt_signing_key_pub` variables, and @@ -79,12 +82,15 @@ valuess of `wm_ssh_key` and `wm_ssh_key_pub` variables. ## Generate Qvisqve client secret hash and salt -* `./qvisqve-hash` +* `../qvisqve/qvisqve-hash` -This will ask you for the client secret, and output a few lines of -output. From that output extract `hash` and `salt` and insert them as -the values of `qvisqve_worker1_hash` and `qvisqve_worker1_salt`. Also -insert the cleartext of the secret you gave to `qvisqve_hash` as +This will ask you for the client secret, and then output a few lines +of output. The secret is a shared secret, like a password, which the +admin user, or a worker host, and qvisqve use to authenticate. + +From that output extract `hash` and `salt` and insert them +as the values of `qvisqve_worker1_hash` and `qvisqve_worker1_salt`. +Also insert the cleartext of the secret you gave to `qvisqve_hash` as `worker_secret`. If you have more workers (up to 4, for now), set the corresponding @@ -111,7 +117,7 @@ using this secret to interact with ick yourself. add anything else. It will be processed by the `run-single.sh` script before given to `ansible-playbook`. -* `./run-aingle hosts -e @your.yml` +* `./run-single hosts -e @your.yml` This will take a long while to run, but you will, at the end, have a working ick instance. -- cgit v1.2.1